/******************************************************************************
 * @File name   :      RequestParamFilter.java
 *
 * @Author      :      Wu Jianxi
 *
 * @Date        :      2011-9-26
 *
 * @Copyright Notice: 
 * Copyright (c) 2014 DMS, Inc. All  Rights Reserved.
 * This software is published under the terms of the DMS Software
 * License version 1.0, a copy of which has been included with this
 * distribution in the LICENSE.txt file.
 * 
 * 
 * ----------------------------------------------------------------------------
 * Date                   Who         Version        Comments
 * 2011-9-26 下午01:32:14        Wu Jianxi     1.0            Initial Version
 * 2011-10-14 下午3:52:09        Wu Jianxi     1.1            add illegal words list,change illegal word filter algorithm
 *****************************************************************************/
package com.cap.bts.framework.common.filter;

import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.cap.bts.framework.common.servlet.ParameterServletRequestWrapper;

/**
 *
 */
public class RequestParamFilter implements Filter{

    /**
     * {@inheritDoc} 
     * overridden:
     * @Date        :      2011-9-26
     * @see javax.servlet.Filter#destroy()
    **/
    @Override
    public void destroy() {
        
    }

    /**
     * {@inheritDoc} 
     * overridden:
     * @Date        :      2011-9-26
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
    **/
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
        HttpServletRequest httpReq = (HttpServletRequest)request;
        
        Map params = new HashMap(request.getParameterMap());
        
        Enumeration<String> paramEnum = request.getParameterNames();
        for(;paramEnum.hasMoreElements();){
            String paramName = (String)paramEnum.nextElement();
            
            String[] paramVals = request.getParameterValues(paramName);
            if(null != paramVals){
                params.put(paramName, filterIllegalWord(paramVals));
            }else{
                params.put(paramName, filterIllegalWord((String)params.get(paramName)));
            }
        }
        ParameterServletRequestWrapper requestWrapper = new ParameterServletRequestWrapper(httpReq, params);

        filterChain.doFilter(requestWrapper, response);
    }

    /**
     * {@inheritDoc} 
     * overridden:
     * @Date        :      2011-9-26
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
    **/
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        
    }
    /**
     * illegal words list and it's replacing words, key is regular expression,value is the replacing word.
     * @Date        :      2011-10-14
     * @return  
     */
    private Map<String, String> getEscapeWords(){
        Map<String,String> escapeWords = new HashMap<String,String>();
        //add escape words
        escapeWords.put(">", "&gt;");
        escapeWords.put("<", "&lt;");
//        escapeWords.put("&", " ");
//        escapeWords.put("\"", "&quot;");
//        escapeWords.put("'", "&lsquo;");
//        escapeWords.put("=", " ");
//        escapeWords.put(" [Aa][Nn][Dd] ", " ");
        escapeWords.put(" [Oo][Rr] ", " ");
        return Collections.unmodifiableMap(escapeWords);
        
    }
    
    /**
     * filter illegal words
     * @Date        :      2011-10-14
     * @param paramVal target words including illegal words
     * @return words without illegal words
     */
    private String filterIllegalWord(String paramVal){
        String paramValTemp = paramVal;
        if(null == paramValTemp){
            return null;
        }
        for(Map.Entry<String, String> escapeWord : getEscapeWords().entrySet()){
            paramValTemp = paramValTemp.replaceAll(escapeWord.getKey(), escapeWord.getValue());
        }
        return paramValTemp;
    }

    /**
     * filter illegal words 
     * @Date        :      2011-10-14
     * @param paramVals
     * @return
     */
    private String[] filterIllegalWord(String[] paramVals){
        if(null == paramVals || paramVals.length == 0){
            return null;
        }
        String[] filteredParamVals = new String[paramVals.length];
        for(int i=0; i<paramVals.length; i++){
            filteredParamVals[i] = filterIllegalWord(paramVals[i]);
        }
        return filteredParamVals;
    }
}
